Encrypted electronic messaging exchange

ABSTRACT

A computer-implemented system and method for secure electronic message exchange includes receiving an encrypted message between one of an inmate or an outside user. The message is transmitted between the users without decrypting the message at the server to ensure privacy. In various configurations, the message is stored at the server in encrypted form and a notification message is transmitted to a recipient. The recipient may then request retrieval of the message from the server. After being authenticated, the encrypted message is provided to the recipient without being decrypted at the server.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation Application of U.S. application Ser.No. 16/786,110 filed Feb. 10, 2020, which is a Continuation Applicationof U.S. application Ser. No. 16/175,202, filed Oct. 30, 2018, now U.S.Pat. No. 10,560,488, which is a Continuation Application of U.S.application Ser. No. 15/974,108, filed May 8, 2018, now U.S. Pat. No.10,116,707, which is a Continuation Application of U.S. application Ser.No. 15/606,818, filed May 26, 2017, now U.S. Pat. No. 9,967,291, whichis a Continuation Application of U.S. application Ser. No. 15/259,439,filed Sep. 8, 2016, now U.S. Pat. No. 9,667,663, which is a ContinuationApplication of U.S. application Ser. No. 14/457,593, filed Aug. 12,2014, now U.S. Pat. No. 9,807,123, which is a Continuation Applicationof U.S. application Ser. No. 13/941,382, filed Jul. 12, 2013, now U.S.Pat. No. 9,680,878, which is a Continuation Application of U.S.application Ser. No. 12/802,641, filed Jun. 10, 2010, now U.S. Pat. No.8,488,756, which is a Continuation Application of U.S. application Ser.No. 10/996,795, filed Nov. 24, 2004, now U.S. Pat. No. 7,742,581, theentire contents of which are herein incorporated by reference. Otherrelated applications include U.S. application Ser. No. 15/620,986 filedJun. 13, 2017, now U.S. Pat. No. 9,923,932, U.S. application Ser. No.15/003,504 filed Jan. 21, 2016, now U.S. Pat. No. 9,787,724, U.S.application Ser. No. 14/457,604 filed Aug. 12, 2014, now U.S. Pat. No.9,680,879, and U.S. application Ser. No. 14/457,616 filed Aug. 12, 2014,now U.S. Pat. No. 9,306,883, the entire contents of which are hereinincorporated by reference.

FIELD OF THE INVENTION

The invention relates generally to the field of electronic messagingexchange in correctional institutions or similar facilities. Inparticular, the invention discloses the use of an electronic messageexchange system with the capacity to monitor, control access, and billfor usage of such a system.

BACKGROUND OF THE INVENTION

As electronic messaging has become commonplace with the advent of theInternet in recent years, many institutions, such as prisons, nursinghomes, mental institutions, etc., have the need to offer inmates orresidents controlled electronic messaging exchange access. Common formsof interaction for inmates and residents with external parties includesuch mediums as site visits and telephonic communication. While both ofthese methods can be useful, electronic messaging can prove to be moreeffective and provides an alternative to the aforementioned mediums. Forthe purposes of simplicity, discussion will be limited to inmates withina correctional facility, but the discussion can easily be expanded toinclude residents of other institutions.

Site visits from an inmate's family, attorney, etc. are often noteconomically or physically possible. The inability of visitors to makesite visits to the inmate results from such factors as the distance fromand costs incurred to travel to the institution. In addition, it iscostly and difficult for some institutions to provide monitoring andsecurity for the visitors and inmates. As a result, an alternativemethod is necessary to allow controlled inmate communication withexternal parties.

An alternative to site visits, telephonic communication, poses otherproblems.

Some visitors may be several time zones away from the penal institutionmaking telephonic communication difficult and even prohibitive.Additionally, telephonic communication between external parties andinmates can prove expensive. There are two common methods of paymentavailable to inmates. In the first method, a collect call is placed toan acceptable outside party. In the second method, an inmate has anaccount in which money is deposited from a variety of sources and foreach phone call; the cost of the call is then deducted from the accountbalance. The costs vary as a result of, inter alia, different serviceproviders for different facilities. Usually the institutions contract aservice provider to install, operate and maintain the facility's system.As a result, costs for calls within the penal institution are generallymuch more than for similar calls made outside of the institution.

From the standpoint of the institution, inmate telephone usage can proveexpensive, as it is necessary to monitor and record the activities ofeach of the residents in order to properly charge each individual callerfor his or her outgoing calls. There are three common methods formonitoring telephone calls: live monitoring, passive monitoring andmonitoring via a standard recording device. One such system known in theart provides a computer-based telecommunication system for the purposeof allowing an institution to control, monitor, record and report usageand access to a telephone network. In addition, the institution controlswhom the inmate can or cannot call.

Electronic messaging, such as emailing and instant messaging, has becomeprominent in recent years as a medium of information transfer. Whilethere is good reason to provide inmates with electronic messagingaccess, there is also a necessity to control the inmate's access tosending and receiving electronic messages. There have been instanceswhere email has been banned from prisons, even when received via aprinted form, resulting from, inter alia, a lack of secure controlmethods. System control is necessary to prevent harassing messages tooutside parties, to prevent fraudulent activities, etc. Therefore,systems in such environments must monitor and control the electronicmessaging activity of each inmate. Systems should also have a means ofmaintaining electronic messaging records for each inmate. The systemshould include a means for communicating with emailed parties to enablethe contacted parties to prevent future emails from inmates. The sameholds true for instant messaging. In short, the communications systemused in a regulated institution must employ unique monitoring andcontrol functions often unnecessary in other types of electronicmessaging exchange systems. Further, an exchange system in institutionsshould reduce the workload burden of the correctional facility whileprovide security through intelligence gathering capabilities.

In order for the methods of monitoring and control to be effective, itis important to prevent inmates from exploiting any loop-holes that canbe used to bypass the control features of the system. This control isvital to ensure that the inmate does not access blocked addresses, forexample, to perpetrate additional criminal activities or harass certainparties.

An electronic messaging system with restricted access should be able toperform the same functions as a normal electronic messaging system. Thesystem should provide keyword scans, translation, file preparation,encryption, control over sent and received electronic messages to andfrom external sources, a billing method, etc. While there are systemsthat provide for some of these features, there is no system thatprovides a comprehensive solution for electronic messaging in acorrectional facility. The present invention encompasses all theelements into a single system enabling a secure electronic messagingsystem to be utilized in penal institutions.

For example, systems are known in the art that filter unwanted, bulk, orjunk emails, commonly referred to as “spam”. The filtering can be doneby a variety of methods including: sender address, sender organization,recipient address, recipient organization, attachment type, and emailmessage content type. Each of these filtering types can be used in orderto reduce “spam”. The emails that pass the filtering process are thensent to a recipient or recipients. Potential “spam” is then stored in aseparate location, where it is examined by either the potentialrecipient or a third party. If determined to be “spam”, it is deleted ormoved to another folder. Another possibility is to have the potential“spam” automatically deleted without verification by a party.

A different system provides a methodology for a computerizedtelecommunications system for voice to text message storage for use incorrectional facilities. This system receives an external message viaeither voice or text. There are two storage means: a voice message boxor an email inbox. If a voice message is received, it passes as aregular telephonic voice message is then stored as a voice message inthe voice message box. If instead, the storage unit is an email box anda voice message is received, the voice message is converted to text andthe message is then saved. The reverse happens if the message is a textmessage and the storage medium is a voice message box. If a text messageis received and the inmate has an email in box, then the text message issaved as text. The inmate is then notified of the new message. Thissystem can also allow the inmate to send either a text or a voicemessage to an external party. If it is a voice message, then noconversion occurs and the message is sent. However, if an inmate'smessage is in the form of text, then either a text to voice conversionoccurs before being sent to the outside party or the text message issent via email to the external party. The invention is limited in thefact that it can only handle email or voice messages.

Yet another system known in the art provides a system and method forproviding a sponsored or universal telecommunications service and thirdparty payer services. The system discloses a method for providing aservice for a sponsor to pay for communication via voice, data ormulti-media services, on the behalf of others. The method furtherprovides universal service for telecommunication voice and multimediaapplications without tax or market subsidies.

In the view of the foregoing, a need exists for an inclusive method forallowing inmates access to electronic messaging systems. The presentinvention provides an alternative to site visits, telephonic and otherforms of communication. It also offers a secure method for usingelectronic messages within a correctional or similar institution,including such features as monitoring, controlling, archiving andbilling.

SUMMARY OF THE INVENTION

The invention embodies an electronic message exchange system for use inpenal institutions, or similar facilities and institutions. It providesa combination of systems and services, which allow inmates and theiroutside contacts to communicate via written correspondence in anexpedient manner. Further, the present invention includes the capabilityfor sending and receiving messages via a telephone and converting themas the necessary to text or similar format. The present invention alsoreduces the workload of the correctional facility staff and offersincreased security by providing intelligence gathering capabilities.

The invention is designed to provide routing and identificationprocessing, content control, translation, file preparation, andencryption. Also, a method for billing of services rendered is included,in addition to controlling the communication limitations for the inmatethrough such methods as populating an allowed or disallowed contactlist, and controlling the frequency, size and length of communications.It also features alert methods for sent and received messages.

The invention provides a secure barrier, referred to herein as thecentral service center or central station, through which messages areforwarded to the intended party. The central service center is designedto gather information from the messages and alert the appropriateofficials of those messages that present concerns prior to beingdisseminated to the receiving party.

In addition, the central service center acts as the central processingcenter for incoming and outgoing messages. Its primary objective is toprovide a centralized location capable of processing messages to andfrom approved accounts. In the preferred embodiment of the presentinvention, files are created as a result of the required processes ofthe institution and saved in an approved format (i.e., email, printedmedium, voice message, or other similar types of formats). These filesare then retrieved from or sent to the institution depending on therequirements. The service center also serves as a repository of allmessages and of all primary data captured from those messages. Further,it serves as a web portal through which institutions and users canretrieve messages and data from those messages.

Additionally, the central service center is preferably located remotelyfrom the institution. However, it is foreseeable that the centralservice center may be located at the institution. Outside contacts gainaccess to the central service center preferably via their existingInternet Service Provider (ISP). The service center provides secureweb-based access via a user-friendly interface to each outside contactthrough the system's software, preferably residing on a server at theservice center. In the preferred embodiment, once an account is createdand payment means are established, the outside contact may log in to thecentral service center. After the outside contact logs in, he or she mayview a received message and/or compose a message to his or her intendedrecipient, such as to an inmate. In the preferred embodiment, theoutside contact's account is charged a monthly fee for the service. Inan alternative embodiment, the outside contact's account is charged byan amount commensurate with the charges for each message. The paymentmethod may be pre-paid or the account can be charged for later billing.These methods will vary and are customizable based on the institution'srequirements.

Furthermore, the central service center processes messages using variouscriteria, including, but not limited to, the intended recipient, keywordsearches, language translation, suspect criteria, etc. Once theseprocesses have been performed, files containing the appropriateinformation (i.e., a message to an inmate including necessaryidentification information about the sender and the recipient) areforwarded to a site server or multifunction device designated for thesystem, preferably located at the institution. The institution's staffhas an opportunity to view the messages according to their desiredpriorities prior to allowing the messages to be delivered to theirintended party. Additionally, the central service center also providesintelligence gathering and reporting capabilities, which are madeavailable through various screens in the system software. Administratorscan access the system locally or remotely via the Internet. Certainaspects of the central service center may alternatively be incorporatedinto a site server, if supplied.

The invention also provides several methods of inputting text,including, but not limited to, a computer terminal, fax and writtencorrespondence. In addition, an inmate may leave a voice message, whichis then preferably converted to text. Safe terminals may be provided forthe inmate population, which allow inmates to type outgoing messages andview incoming messages. In this embodiment, the safe terminals arepreferably completely isolated from the Internet, connected only to thesite server, and only capable of accessing the secure system software.If an inmate handwrites a message, the message is scanned and sent tothe appropriate contact. Further, messages received from outsidecontacts may be printed onsite and once the message is approved forviewing, the printed message is sent to the inmate.

In an alternative embodiment, an integrated system is used for bothinstant messaging and email, which allows inmates direct access toterminals for sending and receiving messages. In yet another differentembodiment, two separate systems exist, one for instant messaging andone for email purposes. These embodiments also have a secure site(similar to the preferred embodiment) that both inmates and externalparties log into in order to communicate with each other. Further,administrators can remotely access and manage the site.

When safe terminals are incorporated into the system, the systempreferably utilizes a secure user name and password for userauthentication. In this embodiment, the institution pre-determines theuser name and password, with the password preferably changing after afixed interval of time or if tampering is suspected. However, to one ofordinary skill in the art, it is apparent that other forms of securitymeasures can easily be implemented including such methods as radiofrequency identification (RFID), and various biometric features. Thesemethods can be used alone or in conjunction with any of the othersecurity measures.

In the preferred embodiment, each inmate has a unique recipient addressor user identification that external parties can send a message to. Whenan outside party attempts to send an electronic message to an inmate, aseries of control measures occur. The sender address is checked forauthenticity and to ensure that the sender is an acceptable contact forthe inmate. The acceptable contact list can be maintained via an“allowed contact list” or via a “disallowed contact list”. The allowedand disallowed lists may also be used in conjunction with each other.Content control is managed as the message itself is scanned for certainkeywords and phrases. If a keyword or phrase is found, the message isflagged and sent to the service center or institution for manualexamination. The message is translated as necessary, and the files areprepared and encrypted. After passing through the control measures, themessage is then routed to the appropriate institution for viewing on thesecure terminal or printing on the multifunction device. To oneknowledgeable in the art, other authentications and control measures canbe easily implemented. For outgoing inmate messages, a series ofauthentications is also performed similar to that of incoming messages.

The invention alerts the inmate of received messages preferably via thesame method used by the institution for received mail. Also, the actualmessage may be delivered with the mail via a printed medium. In analternative embodiment, the inmate is alerted after he or shesuccessfully logs into a secure terminal, such as the aforementionedsafe terminal. In yet a different embodiment, the inmate is notified onclosed circuit monitors that display a list of the inmates that have newmessages.

The preferred embodiment of the invention allows external users accessto set up an account. It provides security checks for authorizing theexternal user. After the account is set up by the external party, theaccount holder can communicate via written messages with the desiredinmate. The invention further preferably provides a maximum limit to theamount of communication between the parties. In the preferredembodiment, the external party's account is billed a monthly servicefee.

In an alternative embodiment, each inmate has a registered account (asopposed to the account being registered to the external party). When theaccount is accessed and email is sent, the cost of the email is thendeducted from the account balance. Payment occurs from such methods aspre-paying or billing after-the-fact for usage. A similar method can beimplemented for instant messaging. Charges can be accrued based onmeasures such as total number of words, total number of lines, a fixedrate for each message sent or a rate for the time the inmate is loggedin, etc.

The invention archives all incoming and outgoing messages through anautomated storage database. This database can be searched in a varietyof ways to retrieve desired information, except for restricted orprivileged communications that are protected by the attorney-clientprivilege. These electronic messages are locked except to the authorizedparties.

In the current embodiment of the invention, when an inmate sends amessage to an approved address, the recipient receives an emailnotification from an automated administrator stating that the inmatewishes to send the recipient a message. If the recipient desires toreceive the message, he or she then logs onto a secure site via theInternet, enters the appropriate security identification and views themessage. The recipient is required to set up an account for the purposesof monitoring the messages sent and received. Also, the account ispreferably billed based on a monthly service fee. All forms offorwarding or copying the message to anyone other than the originalrecipient are prevented. The external recipient then has the option ofsending an email back to the inmate. Recipients can also choose toremove the inmate from their list, preventing the inmate from futurecontact with said recipient.

When instant messaging is allowed by the institution, an inmate whowishes to have an instant message conversation with an approved externalparty sends a message to the external party through the secure site andif the party accepts, the outside party then logs onto the secure sitewhere the instant messaging conversation then occurs. If the externalparty does not respond, the inmate has the option of sending a messageto attempt to set up a date and time to hold the conversation. Themessage sent from the inmate to the outside party can be sent to anemail address or an outside instant messaging platform.

Therefore, it is an object of the invention to provide a comprehensiveelectronic message exchange system for use in penal or similarinstitutions.

It is also an object of the invention to provide secure writtencorrespondence to and from an inmate in a secure facility.

A different object of the invention is to provide means for leaving avoice message and converting the voice message to text for viewing.

It is another object of the invention to provide a secure platform fromwhich electronic messaging can occur.

It is yet another object of the invention to provide securityauthentication for inmates and external parties.

It is still another object of the invention to provide translation forincoming or outgoing messages.

It is also an object of the invention to control the list with whom aninmate can electronically converse.

Additionally, it is an object of the invention to prevent messages frombeing forwarded to any additional parties by the recipient of themessage.

It is a further object of the invention to encrypt the incoming andoutgoing messages within the electronic message exchange system.

Furthermore, it is an object of the invention to provide content controlfor messages via such methods as keyword and phrase scanning.

It is still another object of the invention to provide alerts for theinmate upon receiving a message from an external party.

It is a further object of the invention to provide a billing method forservices rendered while using the electronic message system.

It is another object of the invention to reduce institutional staffresources required for correspondence purposes.

Further, it is an object of the invention to provide the appropriate,personnel with means to search for and view incoming and outgoingmessages.

Finally, it is an object of the invention to archive and store allmessages in a database and to mark all protected messages for suchreasons as attorney-client privilege, thus making them inaccessibleexcept to those with the authority to access them.

Other objects, features, and characteristics of the invention, as wellas methods of operation and functions of the related elements of thestructure, and the combination of parts and economies of manufacture,will become more apparent upon consideration of the following detaileddescription with reference to the accompanying drawings, all of whichform part of this specification.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the invention can be obtained by reference toa preferred embodiment set forth in the illustrations of theaccompanying drawings. Although the illustrated embodiment is merelyexemplary of systems for carrying out the invention, both theorganization and method of operation of the invention, in general,together with further objectives and advantages thereof, may be moreeasily understood by reference to the drawings and the followingdescription. The drawings are not intended to limit the scope of thisinvention, which is set forth with particularity in the claims asappended or as subsequently amended, but merely to clarify and exemplifythe invention.

For a more complete understanding of the invention, reference is nowmade to the following drawings in which:

FIG. 1 is a block diagram of the preferred embodiment of the inventiondepicting the electronic message exchange system.

FIG. 2 is a flow chart of the preferred process of the inventionillustrating an external party sending messages to an inmate and viewingmessages sent by an inmate.

FIG. 3 depicts a flow chart of the preferred process of the inventionwhereby an inmate sends a message to an external party.

FIG. 4A depicts a block diagram of an alternative embodiment for theelectronic messaging exchange system allowing inmates direct access touser workstations.

FIG. 4B depicts a block diagram of an alternative embodimentillustrating a universal control system for incorporation of atelephonic communications system in conjunction with the electronicmessaging exchange system.

FIG. 5 is a flow chart of an alternative process of electronic messageexchange between an inmate and an external party according to thepresent invention when inmates are provided direct access to userworkstations.

FIG. 6 shows a flow chart of an alternative process for electronicmessage exchange from an external party to an inmate according to theinvention when inmates are provided direct access to user workstations.

DETAILED DESCRIPTION OF THE DRAWINGS

As required, a detailed illustrative embodiment of the invention isdisclosed herein. However, techniques, systems and operating structuresin accordance with the invention may be embodied in a wide variety offorms and modes, some of which may be quite different from those in thedisclosed embodiment. Consequently, the specific structural andfunctional details disclosed herein are merely representative, yet inthat regard, they are deemed to afford the best embodiment for purposesof disclosure and to provide a basis for the claims herein, which definethe scope of the invention. The following presents a detaileddescription of the preferred embodiment of the invention (in addition tosome alternative embodiments).

Starting first with FIG. 1, depicted is a block diagram of the preferredembodiment of the invention illustrating the structural set up of theelectronic message exchange system. When an inmate desires to send amessage to an external party, the inmate goes to inmate compositionstation 102 located at institution site 100. In the preferredembodiment, an inmate composes a hand-written or typed text message on apreprinted form. On this form, the inmate fills out his or her personalregistration number and the account number, which the inmate wishes themessage to be sent to. The account number is associated with an outsidecontact that has set up an account for access to the system. In analternative embodiment, an inmate may leave a voice message, which isthen converted to text. One of skill in the art will recognize that thisconversion can easily be incorporated into the system. Also, the inmatemay alternatively have access to a workstation for sending and receivingmessages. The system preferably charges the outside contact a monthlyfee for the ability to use the system, although other billing methodsare foreseeable. The number of messages sent and received by theexternal party is configurable to meet the security and workload needsof each individual institution. For example, in the present embodimenteach external party may send “n” messages and receive “n” messages fromeach inmate on their list where “n” is an integer. For instance, if anoutside contact desires communication with two inmates, then the outsidecontact is allowed to send “n” messages to each inmate and receive “n”messages from each inmate, for a total of “4n” messages, “2n” for eachinmate.

After the inmate composes the message at inmate composition station 102located at institution site 100, the message is sent to multi-functionunit (MFU) 104. Preferably, MFU 104 is located in the institution'smailroom, but other locations are foreseeable. The inmate messages areloaded into MFU 104. MFU 104 scans the messages and the messages areelectronically sent to central station 106. Central station 106 ispreferably located remote to the institution and is preferably connectedto MFU 104 via an Internet Protocol (IP) connection. At central station106, conversion engine 108 converts the written or typed text messagesreceived from MFU 104 into digital data that can be processed by server110. Although only one server 110 is pictured, multiple servers may beused commensurate with the amount of data requirements: Central station106 further includes such elements as routers and data services vialocal telephone company provided circuits (not shown in FIG. 1).

The aforementioned conversion can be done by such means, including, butnot limited to, optical character recognition (OCR) and intelligentcharacter recognition (ICR). Once conversion engine 108 converts themessage as necessary, server 110 at central station 106 associates eachmessage with the intended recipient and the message sender. Server 110checks to see if the attempted message exchange is acceptable. Server110 also checks to ensure that the intended recipient and the inmate areauthorized to communicate. It further provides keyword and phrase scansof the messages. In the preferred embodiment, the site staff are allowedto view messages and approve the before sending the message to therecipient. Additionally, the system notifies the intended recipient ofthe message that the inmate has sent a message and provides for secureaccess and user log in for the recipient to view the message from theinmate and compose messages to the inmate.

The system preferably provides secure socket layer (SSL) protection ofdata sent to and received from server 110. The typed or written textmessages are stored as an image or converted to another format asrequired and made available for viewing by the intended recipient onserver 110. Server 110 provides a user-friendly interface for viewingand composing messages preferably via the Internet. It enables users toset up accounts and provides for billing for system usage. Server 110also is capable of providing such features including, but not limitedto, language translation, file encryption, filtering, file storage andfile preparation. Finally, messages received by the external party orthe inmate are blocked from being forwarded, copied, etc.

Next, FIG. 2 depicts a flow chart of the preferred process of theinvention illustrating both an external party sending messages to aninmate and viewing messages sent by an inmate. Initially, an externalparty attempts to access the secure system preferably via an Internetbrowser (step 200). The system provides a user-friendly interface formessage viewing and composition. If the user has not yet set up anaccount, the user enters a new account request (step 202). The systemthen performs an authentication check of the potential account holder toensure, inter alia, whether the user is an acceptable contact for theinmate (step 204). If the user passes the authentication step, the useris assigned a random account number (step 206).

The user is then prompted to choose a password (step 208). Otherauthentication means are foreseeable as well, such as a personalidentification number (PIN) or biometric identification means. Using theaccount number and password, the user logs into the system (step 210).If the user already has an account when he or she initially attempts tolog into the system (step 200), the user proceeds directly to the log instep (step 210). After successful log in, the user views messagesreceived from the inmate or composes messages to be sent to the inmate(step 212). The system then provides security checks (step 214) wherebythe message is checked for such things as keywords, and content. If themessage passes the security checks, it is then sent to the institution(step 220). If, however, the message fails the security checks, it issent to an administrator (step 216). At this point, the message and allother relevant file data are stored in a database (step 218). The systempreferably bills the appropriate account a monthly service fee. Inalternative embodiments, other billing methods, such as billing for thenumber of messages sent or for message length, may be utilized. Thepreceding processes are preferably performed by server 110 located atcentral station 106. However, it is foreseeable that other servers ordevices can be utilized to perform these functions. The message is sentto MFU 104 where the message is converted to a viewing format asrequired by the institution (step 220). The administrator preferablyviews the message and decides whether to allow the sending of themessage (step 222). If the message passes the administrator check, theinmate is notified (step 224) and the inmate reads the message (step226). If the message fails the administrator's check, it is blocked fromthe inmate (step 228).

FIG. 3 depicts a flow chart of the preferred process of the inventionwhereby an inmate sends a message to an external party. First, theinmate composes a message at inmate composition station 102 located atinstitution site 100 (step 300). As previously discussed, this messageis preferably either hand written or typed and contains the necessaryinformation regarding the inmate and the potential recipient. However,it is foreseeable that the inmate may leave a voice message or similarwhich is then converted as necessary. In addition, the inmate may havedirect access to a safe terminal or workstation for message composition.After the inmate completes the message, the message is sent to MFU 104.The message is scanned by MFU 104 and sent to conversion engine 108located at central station 106 (step 302). The message is converted to aformat appropriate for transmission to the recipient by conversionengine 108. Conversion engine 108 converts the message using such meansas OCR or ICR. Next, security checks are performed on the message (step304), which include, inter alia, making sure the recipient is anacceptable contact, keyword and phrase scan, and file preparation. Ifthe message fails to pass the security checks (step 304), anadministrator is notified (step 306), and the message is stored in adatabase (step 310). Further, the system preferably charges theappropriate account a service fee monthly.

If the message instead passes the security check (step 304), the systemsends a notification to the recipient stating that a new message fromthe inmate is available for viewing over the secure system site (step308) and the message is stored (step 310). The recipient logs into thesecure site preferably via an Internet browser (step 312) and views themessage (step 212). The recipient also has the option of sending amessage to the inmate at this point. If the recipient chooses to do so,the recipient then proceeds to compose a message (step 212).

FIG. 4A shows a block diagram of the basic set up of the electronicmessage exchange system according to an alternative embodiment of theinvention. Computer control platform 401 is connected to the userworkstations 403 a-n and the external third parties 405 a-n viaconnections 407 a-n and 409 a-n, respectively. Computer control platform401 can be local or remote to the user workstations. Connections 407 a-ncan be either cable or wireless. In addition, connections 407 a-n can bea Wide Area Network (WAN), a Local Area Network (LAN) connection, etc.Connections 409 a-n connects the computer control platform 401 to theexternal third parties 405 a-n via the Internet.

Computer control platform 401 is monitored and controlled, eitheractively or passively, by an administrator. Computer control platform401 contains one or more servers, which processes the electronicmessages, prepares and routes the electronic messages, performs securitychecks and encrypts the electronic messages. It also stores theelectronic messages. In addition, computer control platform 401 preparesnotifications to send to either the inmate or the external third party.It also has a secure platform for communication between the inmate andthird party. Both the inmate and third party use this platform to sendmessages back and forth. Further, administrators can remotely or locallyaccess the system via a workstation (not shown). In the remote accessset up, the administrator accesses the system via the Internet toperform various administrative functions (i.e., viewing messages,setting control parameters, performing database searches, printingreports, etc.).

FIG. 4B depicts a block diagram of another alternative embodiment of theinvention. In addition to enabling electronic messaging, thisalternative embodiment provides a telephonic communication platform asis known in the art. Also, the system enables users to send and receivevoice messages. Further, the system converts the messages from voice toa variety of text formats and from a variety of text formats to voice asnecessary. Central control platform 511 contains central computercontrol platform 523 and central telephone control platform 521. Centralcomputer control platform 523 performs the same functions as theaforementioned computer control platform 401. Central computer controlplatform 523 is connected to user workstations 503 a-n and third partyworkstations 509 a-n via connections 515 a-n and connections 519 a-n,respectively. Connections 515 a-n may be cabling or wireless. Also,connections 515 a-n can be a WAN connection, a LAN connection, etc.Connections 515 a-n connect computer control platform 523 to theexternal third parties 509 a-n via the Internet.

Computer control platform 523 is monitored and controlled, eitheractively or passively, by an administrator. The administrator mayperform various administrative functions via a local workstation (notshown) or remotely by accessing the system via the Internet. Computercontrol platform 523 contains one or more servers, which processes theelectronic messages, prepares and routes the electronic messages,performs security checks and encrypts the electronic messages. It alsostores the electronic messages. In addition, computer control platform523 prepares notifications to send to either the inmate or the externalthird party. It also has a secure platform for communication between theinmate and third party. Both the inmate and third party use thisplatform to send messages back and forth.

Central control platform 511 also contains central telephone controlplatform 521. Central telephone control platform 521 connects usertelephonic communication devices 501 a-n with external party telephoniccommunication devices 507 a-n via connections 513 a-n and 517 a-n,respectively. Central telephone control platform 521 enables inmates totelephonically communicate with an external third party. Centraltelephone control platform 521 provides for control, monitoring, andbilling. Further, central control platform 511 enables conversionbetween voice and text messages. For example, if the system receives avoice message, the system can convert the voice message to a text formatfor viewing.

FIG. 5 depicts a flow chart of an alternative process showing theelectronic messaging exchange between the inmate and the external party.As shown, the process begins with an inmate's attempt to log into thesecure platform (step 101). The site then prompts for the inmate toenter a provided user name and password (step 103), although to oneskilled in the art, other security measures such as biometrics, radiofrequency identification (RFID), etc. can be used “instead of or inconjunction with a user name and password. Next, the user authenticationis checked (step 105). If the user is authenticated, the processcontinues where the inmate is asked to choose whether he or she wouldlike to instant message (IM) or email an external party (step 107). Ifthe user is not authenticated, the user is again prompted to enter theuser name and password (step 119). If the user is authenticated on thissecond attempt, then the user is asked whether he wants to send an IM oremail (step 107).

If, however, the inmate again incorrectly inputs the properidentification, the session terminates and an administrator may beelectronically notified (step 121). When this second attempt failureoccurs, the session is checked to see if the user ever logged in (step129). If the user was not logged in, then the system is exited (step131). Preferably, a monthly service fee is charged to the appropriateaccount. However, fees can be also be charged based on a variety ofdifferent methods, including, but not limited to, a charge per email orIM, a per minute charge, or a charge for the length of messages sent orreceived. Also, the system may be set up such that a third party can payfor the email or IM communication. Once messages have been archived(step 117), the system exits (step 131).

The system can be configured to allow only one log on attempt. Also, thesystem may be configured to allow for more than one attempt. Both ofthese can be controlled at the administrator's option. Additionally, thesystem may be triggered to automatically monitor or record communicationafter a certain number of attempts rather than terminate the session.Further, the system can be set to monitor or record any session that theadministrator desires, such as for certain users that have previouslyattempted to engage in criminal activity via the system.

The inmate decides whether to email or IM and the inmate writes eitheran email (step 109) or an IM (step 123). If the inmate chooses tocompose an email, after the inmate writes the email, it is subjected tosecurity measures including a content check and authentication that thepotential recipient has an acceptable address (step 111). If the emailpasses through security, an email notification is sent to the recipientcontaining a log in identification, password and directions to a securesite that he or she can visit to view the sent message (step 113). Theinmate is then prompted to log out (step 115). If the inmate choosesinstead to continue, the process reverts back. The inmate is prompted tochoose whether to IM or email (step 107). If the inmate logs out, themessages are archived (step 117). If the email fails to pass thesecurity check (step 111), the session is terminated and theadministrator is notified (step 121). In addition, at this point, acheck of whether the user was logged in and if messages were sent occurs(step 129) and if verified, and messages are archived (step 117). If themessage is confidential as protected by attorney-client privilege, it islocked so that it cannot be accessed by unauthorized sources.

If the inmate chooses to write an IM instead of an email (step 107), theinmate writes an IM and attempts to send it (step 123). The instantmessage is subjected to the same security measures as an email (step125). If the message fails to pass, the session is terminated and theadministrator is notified (step 121). Next, the system checks to see ifthe user was logged in and if any messages were sent (step 129). If yes,the messages are archived and stored (step 117) and the system exits(step 131). When an IM passes the security constraints (step 125), amessage is sent to the external recipient (step 127).

After the message is sent (step 127), the contacted external party isnotified of the attempted contact by the inmate (step 141). For example,the external party can be notified of the attempted contact by theinmate, through an email, or via a third-party instant messagingplatform. The response can result in three different scenarios. Thefirst is that there is no reply from the external party after a setinterval of time (step 133). When this occurs, the user is prompted tolog out or continue and attempt another electronic message exchange(step 115). Additionally, the user has the option of sending anothermessage to the external party to set up a time and date when he or shewishes to hold a future IM conversation. If the user logs out, messagesare archived and stored as previously discussed (step 117). If insteadthe inmate decides to attempt another message, the user is prompted tochoose if he or she wants to write an email or IM (step 107).

The second possibility when the external party is notified is that theexternal party declines the conversation and the administrator isnotified (step 143). The user is prompted to log out or continue (step115) and the process continues.

The final possibility is that the external party accepts the invitationto join the inmate in an instant messaging conversation (step 135).Further, the external party logs into the secure site and a conversationensues. The conversation is monitored via such methods as word spotting.If inappropriate conversation ensues, the conversation is terminatedimmediately (step 137). If not, the conversation continues for a setlength of time, after which the system terminates the conversation. Theuser is then prompted to log out (step 115) and the loop repeats.

The system can be also be configured to automatically log out after auser has been logged in for a set time period. In this embodiment, thesystem is also set to notify the user at given intervals to warn theuser of the remaining time before automatic log out occurs.

FIG. 6 depicts an alternative process whereby an external party messagesan inmate (step 301). The message goes through a security check (step303). The security check may include both manual and automated securitychecks. The external party is verified as an acceptable contact for theinmate and the sender address is authenticated through such methods as adigital signature. If the message fails the security check, theadministrator receives the message (step 315). Conversely, if themessage passes the security checks, the system sends the message to theinmate (step 305). Next, the inmate is notified of the new message (step307). The inmate then logs into the system and reads or sends messages(step 309), preferably following the same process as in FIG. 2. Aftercompleting the session, the inmate logs out (step 311). The messages arearchived and stored (step 313).

While the invention has been described with reference to the preferredembodiment and several alternative embodiments, which embodiments havebeen set forth in considerable detail for the purposes of making acomplete disclosure of the invention, such embodiments are merelyexemplary and are not intended to be limiting or represent an exhaustiveenumeration of all aspects of the invention. The scope of the invention,therefore, shall be defined solely by the following claims. Further, itwill be apparent to those of skill in the art that numerous changes maybe made in such details without departing from the spirit and theprinciples of the invention. It should be appreciated that the inventionis capable of being embodied in other forms without departing from itsessential characteristics.

What is claimed is:
 1. A messaging platform for processing text-basedmessages involving an inmate of a controlled environment facility,comprising: a database; a transceiver; and one or more processorsconfigured to: receive an encrypted message designated as being eitherto or from the inmate; store a copy of the encrypted message in thedatabase for later retrieval; send a notification to a message recipientthat the encrypted message is available for retrieval; receive aretrieval request from the recipient for the encrypted message; andprovide the encrypted message to a recipient device associated with therecipient in response to the retrieval request.
 2. The messagingplatform of claim 1, wherein the encrypted message is provided to therecipient device in encrypted form.
 3. The messaging platform of claim1, wherein the encrypted message is stored in the database in encryptedform.
 4. The messaging platform of claim 1, wherein the one or moreprocessors are further configured to authenticate the recipient inresponse to receiving the retrieval request.
 5. The messaging platformof claim 4, wherein the authenticating includes: receiving personalidentification information from the recipient; retrievingpreviously-stored authentication information from the database; andcomparing the received personal identification information to thepreviously-stored authentication information.
 6. The messaging platformof claim 1, wherein the providing of the encrypted message to therecipient device includes transmitting the encrypted message to therecipient device.
 7. The messaging platform of claim 1, wherein theproviding of the encrypted message to the recipient device includesdecrypting the encrypted message and sending the decrypted message tothe recipient device.
 8. A method for processing text-based messagesinvolving an inmate of a controlled environment facility, the methodcomprising: receiving an encrypted message designated as being either toor from the inmate; storing a copy of the encrypted message in adatabase for later retrieval; sending a notification to a messagerecipient that the encrypted message is available for retrieval;receiving a retrieval request from the recipient for the encryptedmessage; and providing the encrypted message to a recipient deviceassociated with the recipient in response to the retrieval request. 9.The method of claim 8, wherein the encrypted message is stored in thedatabase in encrypted form.
 10. The method of claim 8, wherein theencrypted message is provided to the recipient device in encrypted form.11. The method of claim 8, further comprising authenticating therecipient in response to receiving the retrieval request.
 12. The methodof claim 11, wherein the authenticating includes: receiving personalidentification information from the recipient; retrievingpreviously-stored authentication information from the database; andcomparing the received personal identification information to thepreviously-stored authentication information.
 13. The method of claim 8,wherein the providing of the encrypted message to the recipient deviceincludes transmitting the encrypted message to the recipient device. 14.The method of claim 8, wherein the providing of the encrypted message tothe recipient device includes: decrypting the encrypted message; andsending the decrypted message to the recipient device.
 15. A wirelesscommunication device configured to provide message exchange involving aninmate of a controlled environment facility, the wireless communicationdevice comprising: a user interface device configured to display messageinformation to a user of the wireless communication device; an inputdevice configured to receive input commands from the user; a transceiverconfigured to transmit and receive signals with a backend server; andone or more processors configured to: receive a message and a messagerecipient identifier from the user via the input device; encrypt thereceived message; generate a message package for transmission to thebackend server, the message packaged including the encrypted message andthe recipient identifier; and cause the transceiver to transmit themessage package to the backend server.
 16. The wireless communicationdevice of claim 15, wherein the message is a text-based message.
 17. Thewireless communication device of claim 15, wherein the one or moreprocessors are further configured to receive a notification from thebackend server that an incoming message has been received thatdesignates the user as recipient.
 18. The wireless communication deviceof claim 17, wherein the one or more processors are further configuredto: receive an instruction from the user via the input device to requestretrieval of the incoming message from the backend server; and cause thetransceiver to transmit a retrieval request to the backend server inresponse to the receiving of the instruction.
 19. The wirelesscommunication device of claim 18, wherein the one or more processors arefurther configured to: receive an incoming message package from thebackend server in response to the transmitting of the retrieval request,the incoming message package including an encrypted incoming message;decrypt the encrypted incoming message; and display the decryptedincoming message to the user via the user interface.
 20. The wirelesscommunication device of claim 18, wherein the one or more processors arefurther configured to: receive a stream of incoming message data fromthe backend server that includes decrypted incoming message data; anddisplay the received incoming message data to the user via the userinterface.